It's over the air, not even phone lines. PDW, SDRSharp, and an rtl-sdr dongle is all that's needed.
And yes, there is a lot of patient info in that traffic. It's not illegal for the hospital to broadcast this, and it's not illegal to listen in and decode the signals, but it is very much illegal to do anything with the information gathered.
> It's over the air, not even phone lines. PDW, SDRSharp, and an rtl-sdr dongle is all that's needed. And yes, there is a lot of patient info in that traffic. It's not illegal for the hospital to broadcast this, and it's not illegal to listen in and decode the signals, but it is very much illegal to do anything with the information gathered.
I'm not familiar with this particular technology, which is why I didn't make a definitive claim in my previous comment. But I am quite intimately familiar with HIPAA and related regulations, and I am extremely skeptical of the third sentence you wrote.
Maybe it uses particular spectrum that is considered illegal to tamper with, just like analog cell phone signals, and HIPAA (inappropriately IMHO) leans on that to explain away an exemption from encryption?
I don't think I have any logs of these any more, but when I was listening on the local hospital's pager traffic, I seem to recall messages that were along the lines of [last name][room number][sexually transmitted disease test is complete].
Surprised me at the time too because I used to do work dealing with processing CDA documents into fhir data and I know how crazy HIPAA can be with PHI/PII, but at the same time these legal frameworks often have carveouts or super serious adoption deadlines that keep getting pushed to next year (and then next year, and then next year).
